Search For Tutorial

Saturday, 23 July 2016

Google Hacking Techniques 2016 Part 2

Posted by Vijay Jangra
In this post, we will learn how to find vulnerable sites using google hacking techniques. Last time i told you about some basic commands to search on google and get sensitive data.
 
google hacking



Welcome to the second part of google hacking. In my last post of google hacking, i told you about basics of google hacking. As you already know about using some google commands to know more about google search. So today, i will teach how to use google to find some vulnerable sites to practice your hacking skills or just for another reason.

We will mainly focus on two vulnerabilities SQL injection and Cross Site Scripting. Because these are most used and can be found mainly in any dynamic website.

For our this task just open www.google.com in your browser and follow below steps and commands.


SQL Injection:- SQL injection is a vulnerability or loop hole in any website that allow the attacker to inject its malicious SQL query. Attackers can also use that particular site to get into the database, get information from the website database like username and passwords, contacts, emails etc. Now you have some basic knowledge of what sql injection vulnerability is, we will learn our next task.

SQL vulnerability is found in websites which have their database. But, to use SQL injection we need to find a vulnerable URL with parameter on website. The parameter looks like ?id=6 . It means website is showing a particular file from database which have id=6. Now come to the most interestong part. Use below commands to find vulnerable sites. Open google.com and type below commands and search for them.
Inurl:.php?id=

This command will search for all the all url on any websites that is indexed on google, which have id= parameter. Now, if you wants to website of any particular country. Use below command.
Inurl:.php?id= site:.pk
Now this command will search for websites of any particular country Pakistan. Their are list of some extensions below. Use them.
.com – For commercial websites
.org – For any particular organisation
.in – For India country
.pk – For Pakistan country
.br – Brazil websites
.cn – China country
.bd – Bangladesh websites.

Just search on google domain extensions of all counties. Here below, i am providing you some other commands used to find sql vulnerable sites.


Cross Site Scripting(CSS or XSS):-
Cross site scripting is a vulnerability in any particular website that allows hacker to inject and execute its malicious javascript code. There are two types of Cross Site Scripting.

Persistence:- It will not only affect on website, it will affect both web server and its visitors.

Non - Persistence:- This particular type of vulnerability will affect only users.

Now, lets try and learn our hack. Here i am providing two commands, both will work.

Inurl:.com/serach.asp
inurl:.php?q=

These commands will search for all websites having search form in it. After finding website, open it, if you find some forms here. Just insert insert and try below code.
<script>alert("gotit")</script>
If you see any error or website is executing your command by prompting or alerting with a message. It means website is vulnerable to this particular vulnerability.


Note:- All the tricks and tips, i am teaching you here are only for educational purpose only. Use or try these tricks and hacks on your own risk. I will not be responsible for any type of cause or harm.


In our this second part of google hacking techniques post, we have learnt how to use google to find vulnerable website and practice your hacking skills. This was another google hacking tricks and hacks. In next posts, we will learn more about these particular vulnerability. So keep visiting website to get more ethical hacking tutorials or subscribe for our newsletter.



0 comments:

Post a Comment